Overview

overview

10

Static

static

1aebbb422d...60.exe

windows7-x64

10

1aebbb422d...60.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    266s
  • max time network
    289s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-11-2022 06:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1aebbb422db0bd827c25bef6d426ae748c69b421d91a914f90be48b39c01c660.exe

  • Size

    149KB

  • MD5

    13e1538d403a3618db92ad0700f08b5f

  • SHA1

    1587263acf5a662d8f2f202c36bedec0cbf02b2e

  • SHA256

    1aebbb422db0bd827c25bef6d426ae748c69b421d91a914f90be48b39c01c660

  • SHA512

    5b895dbcba1a1fc98e849b1dbb5f9b0842577fe1e1fa827c61d428d75e5c03f039479be77ffc5eee83e520ff9f7d6843aa5020cae902e4e84c1c505c67ce9014

  • SSDEEP

    3072:3VhJZAxYQRZEPtEhdny8G3j28ffU1xZfVZFcmIdkbsuPXMbGNonigN:3VhJ+O8YtEhAw8XU1DPVQu02Ui

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://ocvitcamap.com/administrator/lib/cheapoakley.php

http://spark-leds.com/upload/images/images.php

http://sapacmold.com/img/t/t.php

http://www.ubikate.mx/wp-includes/images/images.php

http://www.ebouw.nl/wp-includes/pomo/pomo.php

http://www.getserved.nl/wp-content/themes/themes.php

http://www.multiposting.nl/wp-includes/theme-compat/ips_kernel.php

Signatures

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
    collection
  • Accesses Microsoft Outlook profiles 1 TTPs 1 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 48 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1aebbb422db0bd827c25bef6d426ae748c69b421d91a914f90be48b39c01c660.exe
    "C:\Users\Admin\AppData\Local\Temp\1aebbb422db0bd827c25bef6d426ae748c69b421d91a914f90be48b39c01c660.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Users\Admin\AppData\Local\Temp\1aebbb422db0bd827c25bef6d426ae748c69b421d91a914f90be48b39c01c660.exe
      "C:\Users\Admin\AppData\Local\Temp\1aebbb422db0bd827c25bef6d426ae748c69b421d91a914f90be48b39c01c660.exe"
      2⤵
      • Accesses Microsoft Outlook accounts
      • Accesses Microsoft Outlook profiles
      • Suspicious use of AdjustPrivilegeToken
      • outlook_win_path
      PID:4100

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3644-132-0x00000000749E0000-0x0000000074F91000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3644-136-0x00000000749E0000-0x0000000074F91000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4100-134-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/4100-135-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/4100-137-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/4100-138-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download